VPN – Cisco ASA

In this topic, you will learn how to configure Cisco ASA to work together with Portnox™ Cloud and 802.1X RADIUS authentication for VPN connections.

Warning: This topic contains documentation prepared by our support agents more than 12 months ago. It may not cover the newest models or the newest interfaces of NAS devices. We’re working on bringing you updated documentation for NAS devices in the near future. However, the methods of setting up third-party devices may still change when the manufacturers update their firmware or release new models. Therefore, to get the most accurate and current configuration guidance, we strongly recommend that you refer to the documentation provided by the manufacturer. If you need help setting up newer equipment that does not match the description in this topic, contact us at support@portnox.com.

  1. Create a RADIUS server group by navigating to Configuration > Remote Access VPN > AAA/Local Users > AAA Server Groups and clicking on Add.

  2. In the Add AAA Server Group window that appears:

    1. Specify a name for the AAA Server Group.
    2. In Protocol, select RADIUS.
    3. Enter a Realm-id.
  3. Select the AAA server group you created, and in the Servers in the Selected Group section, click on Add.

  4. In the Edit AAA Server window that appears:

    1. Enter the cloud RADIUS details: the IP address, the authentication port, the accounting port, and the shared secret.
    2. Update the Timeout to 30 seconds.
    3. Verify that the Microsoft CHAPv2 Capable checkbox is checked.
    4. Click on OK.
  5. Navigate to Configuration > Remote Access VPN > Network (Client) Access > AnyConnect Connection Profiles, and in the Connection Profiles section, click on Add.

  6. In the Edit AnyConnect Connection Profile window that appears:

    1. Go to the Basic tab.
    2. Specify a Name for the connection profile.
    3. Specify Aliases for the connection profile.
    4. Select the AAA server group that was created earlier.
    5. Select Client Address Pools.
    6. Check the Enable SSL VPN client protocol checkbox.
    7. Specify DNS servers.
    8. Specify Domain Name.
    9. Go to the Advanced tab.
    10. Check the Enable password management checkbox.
    11. Click on Apply.

  7. Verify that:

    1. In the Access Interfaces section, the Enable Cisco AnyConnect VPN Client access on the interface selected in the table below checkbox is checked.
    2. In the Login Page Settings section, the Allow user to select connection profile on the login page checkbox is checked.
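
To confirm the result of the steps above from the command line, the following added example (not part of the original Portnox or Cisco documentation) audits a saved `show running-config` for the settings this procedure sets. It assumes the ASDM options map to the ASA CLI commands shown; the group name PORTNOX, the profile name VPN-USERS, the interface and the address are constructed placeholders.

```python
import re

# Constructed `show running-config` excerpt; every name and address is a placeholder.
SAMPLE = """\
aaa-server PORTNOX protocol radius
aaa-server PORTNOX (outside) host 192.0.2.10
 timeout 30
tunnel-group VPN-USERS general-attributes
 authentication-server-group PORTNOX
 password-management
webvpn
 anyconnect enable
 tunnel-group-list enable
"""

def sections(config):
    """Map each top-level command to the indented sub-commands under it."""
    out, head = {}, None
    for line in config.splitlines():
        if not line.strip() or line.startswith("!"):
            continue
        if not line[0].isspace():
            head = line.strip()
            out.setdefault(head, [])
        elif head is not None:
            out[head].append(line.strip())
    return out

def audit(config, group, profile):
    """Return findings for settings that differ from the procedure (empty = all match)."""
    sec = sections(config)
    host = re.compile(rf"aaa-server {re.escape(group)} \(\S+\) host \S+")
    servers = [sec[h] for h in sec if host.fullmatch(h)]
    general = sec.get(f"tunnel-group {profile} general-attributes", [])
    web = sec.get("webvpn", [])
    checks = [
        (f"aaa-server {group} protocol radius" in sec, "AAA server group missing or not RADIUS"),
        (bool(servers), "no server defined in the group"),
        (all("timeout 30" in s for s in servers), "RADIUS timeout is not 30 seconds"),
        # Assumption: mschapv2-capable is on by default, so only the 'no' form is listed.
        (not any("no mschapv2-capable" in s for s in servers), "MS-CHAPv2 capability is disabled"),
        (any(c.split()[:2] == ["authentication-server-group", group] for c in general),
         "connection profile does not use the AAA server group"),
        (any(c.split()[0] == "password-management" for c in general),
         "password management is not enabled"),
        ("anyconnect enable" in web, "AnyConnect access is not enabled"),
        ("tunnel-group-list enable" in web, "profile selection on the login page is not enabled"),
    ]
    return [msg for ok, msg in checks if not ok]
```

Call `audit(text, group, profile)` with the saved configuration text and the names you chose in steps 2 and 6; an empty list means every audited setting matches.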